Placeholder

Cyber Threats -- Internal and External


How to manage a team of innovative thinkers?

Technology inherently comes with threats that could disrupt operations and lives. We as technology experts must do a better job of educating our organizational staff and those outside our organizations how to protect their information. Today our role as employees and citizens requires vigilance of our actions involving our data and the organizations we trust with our data.

We as leaders of organizations often put our business mission needs above the security needs that protect our organizations, employees, customers, and the data we are entrusted with. Leaders must put the security risks of putting off security efforts over moving business projects forward. I believe that my position as leader is to let my team advise me of our security vulnerabilities and put those ahead of mission initiatives.

Not applying up-to-date security patches for operating systems, applications, network devices, and storage appliances can provide the vehicle for a bad actor to exploit. Too often leaders in organizations don’t realize the implications of putting security efforts behind business processes and projects. This has been identified in several data breach cases where the technical staff had the most recent patches but had not applied them due to other efforts prioritized ahead of security.

Internal Threats:
  1. Accidental deletion of data
  2. Accidents around hardware (spill liquids into the device)
  3. Mixing up employee or customer data
  4. Intentional removal of data from sensitive data systems
  5. Accessing emails carrying a dangerous payload to the organization
External Threats
  1. Ransomware
  2. Distributed Denial of Service (DDoS)
  3. BOTNETS
  4. Data Exfiltration
  5. Exploit Kits
  6. Advanced Persistent Threat (APT) – Penetration of network resources by a bad actor who resides undetected for a period.

Business products, services, and customer service that bring in the revenue supporting operations are imperative to the life and success of the organization. One security vulnerability not properly mitigated can decimate the organization both financially and reputationally. There used to be a time when we could say if a threat occurs, but not anymore. Now it is a question of when a threat will impact a business and the severity of the impact.

I feel it is important to work with businesses of all sizes to address their cyber security presence and learn where the decisions they make today could have dire potential consequences. Helping build strategies and policies to mitigate and maintain security of operations. No person or organization can be fully secure, but we need to be applying standards and practices to make it as difficult as possible for bad actors. Our goal is to make it so hard to penetrate the defenses that they give up and move on to someone else.

Works Cited:
Arsenault, Bret. (March 2023). Your biggest cybersecurity risks could be inside your organization. Harvard Business Review. https://hbr.org/2023/03/your-biggest-cybersecurity-risks-could-be-inside-your-organization

Kosiol, Jack, and Watts, Rob, and Bottorff, Cassie. (August 2022). Most common cyber security threats in 2023. Forbes.https://www.forbes.com/advisor/business/common-cyber-security-threats/ Rosencrance, Linda. (February 2023). Top 10 types of information security threats for IT teams. TechTarget.https://www.techtarget.com/searchsecurity/feature/Top-10-types-of-information-security-threats-for-IT-teams